FEDORA-2018-79f7540a1e created by ansasaki 2 years ago for Fedora 29
stable
  • Update to upstream 3.6.5 release
  • Security fix for CVE-2018-16868

How to install

sudo dnf upgrade --advisory=FEDORA-2018-79f7540a1e

This update has been submitted for testing by ansasaki. This critical path update has not yet been approved for pushing to the stable repository. It must first reach a karma of 2, consisting of 0 positive karma from proventesters, along with 2 additional karma from the community. Or, it must spend 14 days in testing without any negative feedback Additionally, it must pass automated tests..

2 years ago

ansasaki edited this update.

2 years ago

This update has been submitted for testing by ansasaki.

2 years ago
User Icon jbastian commented & provided feedback 2 years ago
karma

Before this update, F29 vncviewer would fail with "TLS Handshake failed: An illegal TLS extension was received." when connecting to a VNC server using a gnutls with record_size_limit extension.

This gnutls update fixes F29 vncviewer.

BZ#1657289 update to gnutls-3.6.5
User Icon cmorris provided feedback 2 years ago
karma

This update has been pushed to testing.

2 years ago
User Icon besser82 commented & provided feedback 2 years ago
karma

Works great! LGTM! =)

no issues found

User Icon jonathancalloway commented & provided feedback 2 years ago
karma

No regressions noted

User Icon renault commented & provided feedback 2 years ago
karma

No regressions found

User Icon filiperosset commented & provided feedback 2 years ago
karma

no regressions noted

User Icon andilinux commented & provided feedback 2 years ago
karma

okay

User Icon mzink commented & provided feedback 2 years ago
karma

no issues

This update has been submitted for batched by ansasaki.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago
User Icon adamwill commented & provided feedback 2 years ago

Note this update seems to require the newer nettle from this other update, but this dependency is not specified by the package. This update is marked as a security update but that one is not; so if you have a system which automatically installs only security updates, it will actually break when it installs this update, because it will not install the newer nettle.

@kevin @puiterwijk you may see this on infra systems.


Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
8
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1654929 CVE-2018-16868 gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification
0
0
BZ#1655389 CVE-2018-16868 gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification [fedora-all]
0
0
BZ#1657289 update to gnutls-3.6.5
0
1

Automated Test Results